Atlassian ≫ Jira Data Center

79 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

3.5

CVE-2021-26071

EPSS 0.16%
Veröffentlicht 01.04.2021 03:15:14
Zuletzt bearbeitet 21.11.2024 05:55:48

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software co...

5.3

CVE-2020-36286

EPSS 0.33%
Veröffentlicht 01.04.2021 03:15:13
Zuletzt bearbeitet 21.11.2024 05:29:12

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members...

5.3

CVE-2020-36238

EPSS 0.6%
Veröffentlicht 01.04.2021 03:15:13
Zuletzt bearbeitet 21.11.2024 05:29:07

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or n...

5.3

CVE-2021-26069

EPSS 2.47%
Veröffentlicht 22.03.2021 05:15:12
Zuletzt bearbeitet 21.11.2024 05:55:48

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations...

5.3

CVE-2020-29453

EPSS 82.63%
Veröffentlicht 22.02.2021 21:15:19
Zuletzt bearbeitet 21.11.2024 05:24:01

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-I...

6.1

CVE-2020-36236

EPSS 0.47%
Veröffentlicht 15.02.2021 00:15:12
Zuletzt bearbeitet 21.11.2024 05:29:07

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected ver...

4.8

CVE-2020-36234

EPSS 0.23%
Veröffentlicht 15.02.2021 00:15:12
Zuletzt bearbeitet 21.11.2024 05:29:06

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from v...

4.3

CVE-2020-36231

EPSS 0.27%
Veröffentlicht 02.02.2021 00:15:12
Zuletzt bearbeitet 21.11.2024 05:29:06

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8....

5.3

CVE-2020-14179

EPSS 92.86%
Veröffentlicht 21.09.2020 01:15:12
Zuletzt bearbeitet 21.11.2024 05:02:49

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The af...

7.5

CVE-2020-14178

EPSS 1.37%
Veröffentlicht 01.09.2020 05:15:10
Zuletzt bearbeitet 21.11.2024 05:02:49

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version ...

<12345678>